CVE-2025-30553: 
WordPress vulnerability analysis and mitigation

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Z.com byGMO GMO Font Agent plugin affecting versions through 1.6. The vulnerability was disclosed on March 24, 2025, and assigned identifier CVE-2025-30553. The issue affects the WordPress plugin GMO Font Agent and allows attackers to perform Stored XSS attacks (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked under CWE-79 (Patchstack).

The vulnerability could allow malicious actors to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into the website which will be executed when guests visit the site. This creates potential risks for website visitors and could lead to various forms of client-side attacks (Patchstack).

As of the disclosure date, no official fix has been made available for this vulnerability. The issue affects versions up to and including 1.6 of the GMO Font Agent plugin (Patchstack).